Blog

Jul 20

FBI Blames Iranian Hackers For Stealing US Missile Tech

Two Iranian nationals remain at large after being charged by the U.S. Department of Justice with hacking into a Vermont-based engineering firm and stealing software used to develop projectiles, ranging from bullets to GPS-guided artillery shells and missiles.

A superseding indictment, dated April 21, 2016, and unsealed Monday, charges Mohammed Reza Rezakhah, 39, and Mohammed Saeed Ajily, 35, with a raft of hacking-related offenses. Charges include computer fraud and abuse, unauthorized access to computers, theft of information, as well as wire fraud and conspiracy. Arrest warrants have been issued for both men.

Based on an investigation led by the FBI cyber squad based in Albany, New York, beginning around 2007, Ajily - a businessman who regularly sells to Iranian military and government entities - instructed Rezakhah and others to steal valuable software or else find a way to crack it, referring to defeating any devices or code designed to restrict its use, the indictment alleges.

"Rezakhah would then conduct unauthorized intrusions into victim networks to steal the desired software," the Justice Department says. "Once the software was obtained, Ajily marketed and sold the software through various companies and associates to Iranian entities, including universities and military and government entities, specifically noting that such sales were in contravention of U.S. export controls and sanctions."

Target: Projectile Design Software

One of the group's alleged targets was the proprietary PRODAS - Projectile Rocket Ordnance Design and Analysis System - software that retails for $40,000 to $800,000, according to court documents. The software is developed by Arrow Tech, an engineering consulting firm based in Burlington, Vermont.

The software allegedly stolen by the suspects is designated as a "defense article" on the U.S. Munitions List of the International Traffic in Arms Regulations - ITAR - meaning anyone who wants to export it from the United States must first obtain a license from the U.S. Department of State.

PRODAS requires a hardware dongle to operate, and it includes warnings stating that it can only be shipped outside the United States with an export license.

So the defendants allegedly focused on cracking the hardware dongle. "Rezakhah and co-conspirator Nima Golestaneh operated under the company name 'Dongle Labs' to sell customers the capability to circumvent these types of protections on a variety of software packages," according to the indictment. "Razakhah also conducted other hacking and cracking activities at [Ajily's] direction."

Unexpected Twist for Third Suspect

The third man mentioned in the indictment, Golestaneh, an Iranian national, was arrested in Turkey in connection with the case in November 2013, via an Interpol "red notice," and extradited to the United States on Feb. 12, 2015.

On Dec. 2, 2015, Golestaneh pleaded guilty in Vermont federal court to related charges, including obtaining access to servers based in Canada and the Netherlands for Rezakhah, which Rezakhah allegedly used to hack into Arrow Tech's computers. According to court documents, the servers were used "to conduct unauthorized computer intrusions so that the intrusions would be more difficult to trace."

In January 2016, Golestaneh - then 30 years old - was one of seven Iranians granted clemency by President Barack Obama, in exchange for the release of Americans held captive in Iran.